Latest vmware esxi Vulnerabilities

CVE-2023-29552
Service Location Protocol (SLP) Denial-of-Service Vulnerability
IETF Service Location Protocol (SLP)
Netapp Smi-s Provider
SUSE Manager Server
SUSE Linux Enterprise Server=11
SUSE Linux Enterprise Server=12
Suse Linux Enterprise Server Sap=12
and 4 more
CVE-2022-31705
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may ...
VMware Workstation>=16.0.0<16.2.5
VMware ESXi=7.0
VMware ESXi=7.0-beta
VMware ESXi=7.0-update_1
VMware ESXi=7.0-update_1a
VMware ESXi=7.0-update_1b
and 16 more
CVE-2022-31699
VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.
VMware Cloud Foundation=3.0
VMware Cloud Foundation=3.0.1
VMware Cloud Foundation=3.0.1.1
VMware Cloud Foundation=3.5
VMware Cloud Foundation=3.5.1
VMware Cloud Foundation=3.7
and 279 more
CVE-2022-31696
VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading ...
VMware Cloud Foundation>=3.0<3.10
VMware Cloud Foundation>=4.0<4.3.11
VMware Cloud Foundation=3.10
VMware Cloud Foundation=3.11
VMware Cloud Foundation=4.3.11
VMware Cloud Foundation=4.4
and 260 more
CVE-2022-31681
VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.
VMware Cloud Foundation>=4.2<4.3.1.1
VMware Cloud Foundation=4.4
VMware Cloud Foundation=4.4.1
VMware Cloud Foundation=4.4.1.1
VMware ESXi<7.0
VMware ESXi=7.0
and 15 more
CVE-2022-23825
A flaw was found in hw. Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure.
Microsoft Windows Server 2012
Microsoft Windows Server 2012
Microsoft Windows 11=21H2
Microsoft Windows 11=21H2
redhat/kernel-rt<0:3.10.0-1160.80.1.rt56.1225.el7
redhat/kernel<0:3.10.0-1160.80.1.el7
and 547 more
CVE-2022-29901
Arbitrary Memory Disclosure through CPU Side-Channel Attacks (Retbleed)
redhat/kernel-rt<0:3.10.0-1160.80.1.rt56.1225.el7
redhat/kernel<0:3.10.0-1160.80.1.el7
redhat/kernel-rt<0:4.18.0-372.32.1.rt7.189.el8_6
redhat/kernel<0:4.18.0-372.32.1.el8_6
redhat/kernel<0:5.14.0-162.6.1.el9_1
redhat/kernel-rt<0:5.14.0-162.6.1.rt21.168.el9_1
and 686 more
CVE-2022-21166
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
redhat/kernel-rt<0:3.10.0-1160.76.1.rt56.1220.el7
redhat/kernel<0:3.10.0-1160.76.1.el7
redhat/kernel-rt<0:4.18.0-372.26.1.rt7.183.el8_6
redhat/kernel<0:4.18.0-372.26.1.el8_6
redhat/kernel<0:4.18.0-147.76.1.el8_1
redhat/kernel<0:4.18.0-193.93.1.el8_2
and 198 more
CVE-2022-21125
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
redhat/kernel-rt<0:3.10.0-1160.76.1.rt56.1220.el7
redhat/kernel<0:3.10.0-1160.76.1.el7
redhat/kernel-rt<0:4.18.0-372.26.1.rt7.183.el8_6
redhat/kernel<0:4.18.0-372.26.1.el8_6
redhat/kernel<0:4.18.0-147.76.1.el8_1
redhat/kernel<0:4.18.0-193.93.1.el8_2
and 198 more
CVE-2022-21123
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
redhat/kernel-rt<0:3.10.0-1160.76.1.rt56.1220.el7
redhat/kernel<0:3.10.0-1160.76.1.el7
redhat/kernel-rt<0:4.18.0-372.26.1.rt7.183.el8_6
redhat/kernel<0:4.18.0-372.26.1.el8_6
redhat/kernel<0:4.18.0-147.76.1.el8_1
redhat/kernel<0:4.18.0-193.93.1.el8_2
and 198 more
CVE-2021-22041
VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue...
VMware Cloud Foundation>=3.0<3.11
VMware Cloud Foundation>=4.0<4.4
VMware Fusion>=12.0.0<12.2.1
VMware Fusion
VMware Workstation>=16.0.0<16.2.1
VMware ESXi=6.5-650-202202401
and 165 more
CVE-2021-22050
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy. A malicious actor with network access to ESXi may exploit this issue to create a denial-of-service condition by overwhelmi...
VMware Cloud Foundation>=3.0<3.11
VMware Cloud Foundation>=4.0<4.4
VMware ESXi=6.5
VMware ESXi=6.7
VMware ESXi=6.7-670-201806001
VMware ESXi=6.7-670-201807001
and 159 more
CVE-2021-22042
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to acc...
VMware Cloud Foundation>=4.0<4.4
VMware ESXi=7.0-update_1
VMware ESXi=7.0-update_2
VMware ESXi=7.0-update_3
CVE-2021-22040
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this iss...
VMware Cloud Foundation>=3.0<3.11
VMware Cloud Foundation>=4.0<4.4
VMware Fusion>=12.0.0<12.2.1
VMware Workstation Player>=16.0.0<16.2.1
VMware Workstation Pro>=16.0.0<16.2.1
VMware ESXi=6.5
and 167 more
CVE-2021-22043
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escala...
VMware Fusion<4.4
VMware ESXi=7.0-update_1
VMware ESXi=7.0-update_2
VMware ESXi=7.0-update_3
CVE-2021-22045
VMware Workstation SCSI Heap-based Buffer Overflow Privilege Escalation Vulnerability
VMware Workstation
VMware Cloud Foundation>=3.0<=3.10.2.2
VMware Cloud Foundation>=4.0<=4.3.1
VMware Workstation>=16.0.0<16.2.0
VMware Fusion>=12.0.0<12.2.0
Apple Mac OS X
and 213 more
CVE-2021-21994
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentic...
VMware Cloud Foundation>=3.0<3.10.2
VMware Cloud Foundation>=4.0<4.3
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
VMware ESXi=6.5-650-201703001
VMware ESXi=6.5-650-201703002
and 232 more
CVE-2021-21995
OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds...
VMware Cloud Foundation>=3.0<3.10.2
VMware Cloud Foundation>=4.0<4.3
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
VMware ESXi=6.5-650-201703001
VMware ESXi=6.5-650-201703002
and 232 more
CVE-2021-21974
VMware ESXi SLP Heap-based Buffer Overflow Remote Code Execution Vulnerability
VMware ESXi
VMware Cloud Foundation>=3.0<3.10.1.2
VMware Cloud Foundation>=4.0<4.2
VMware ESXi=6.5
VMware ESXi=6.5-2
VMware ESXi=6.5-650-201701001
and 228 more
CVE-2020-3999
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation...
VMware Workstation>=15.0.0<15.5.7
VMware ESXi>=7.0.0<esxi70u1c-17325551
VMware Fusion>=11.5.0<11.5.7
Apple Mac OS X
CVE-2020-3995
In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors conta...
VMware ESXi=6.7
VMware ESXi=6.7-670-201806001
VMware ESXi=6.7-670-201807001
VMware ESXi=6.7-670-201808001
VMware ESXi=6.7-670-201810001
VMware ESXi=6.7-670-201810101
and 169 more
CVE-2020-3982
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulne...
VMware ESXi=7.0.0
VMware ESXi=7.0.0-1.20.16321839
VMware ESXi=6.7
VMware ESXi=6.7-670-201806001
VMware ESXi=6.7-670-201807001
VMware ESXi=6.7-670-201808001
and 220 more
CVE-2020-3981
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulner...
VMware Cloud Foundation>=3.0<3.10.1
VMware Cloud Foundation>=4.0<4.1
VMware Workstation>=15.0.0<=15.5.6
VMware ESXi=7.0.0
VMware ESXi=7.0.0-1.20.16321839
VMware Fusion>=11.0<11.5.6
and 219 more
CVE-2020-3992
VMware ESXi SLP Use-After-Free Remote Code Execution Vulnerability
VMware Cloud Foundation>=3.0<3.10.1.1
VMware Cloud Foundation>=4.0<4.1
VMware ESXi=6.5
VMware ESXi=6.5-2
VMware ESXi=6.5-650-201701001
VMware ESXi=6.5-650-201703001
and 220 more
CVE-2020-3976
VMware Cloud Foundation>=3.0<3.10
VMware Cloud Foundation>=4.0<4.0.1
VMware vCenter Server=6.5
VMware vCenter Server=6.5-a
VMware vCenter Server=6.5-b
VMware vCenter Server=6.5-c
and 223 more
CVE-2020-3964
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an inf...
VMware Cloud Foundation>=3.0<3.10
VMware Cloud Foundation>=4.0.0<4.0.1
VMware Fusion>=11.0.0<11.5.2
VMware Workstation>=15.0.0<15.5.2
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
and 184 more
CVE-2020-3963
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-...
VMware Cloud Foundation>=3.0<3.10
VMware Cloud Foundation>=4.0.0<4.0.1
VMware Fusion>=11.0.0<11.5.2
VMware Workstation>=15.0.0<15.5.2
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
and 184 more
CVE-2020-3967
VMware Workstation EHCI Heap-based Buffer Overflow Privilege Escalation Vulnerability
VMware Cloud Foundation>=3.0<3.10
VMware Cloud Foundation>=4.0.0<4.0.1
VMware Fusion>=11.0.0<11.5.5
VMware Workstation>=15.0.0<15.5.5
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
and 175 more
CVE-2020-3968
VMware Workstation xHCI Isoch TD Out-Of-Bounds Write Privilege Escalation Vulnerability
VMware Cloud Foundation>=3.0<3.10
VMware Cloud Foundation>=4.0.0<4.0.1
VMware Fusion>=11.0.0<11.5.5
VMware Workstation>=15.0.0<15.5.5
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
and 175 more
CVE-2020-3966
VMware Workstation EHCI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
VMware Cloud Foundation>=3.0<3.10
VMware Cloud Foundation>=4.0.0<4.0.1
VMware Fusion>=11.0.0<11.5.2
VMware Workstation>=15.0.0<15.5.2
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
and 175 more
CVE-2020-3971
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet...
VMware Cloud Foundation>=3.0<3.7.2
VMware Fusion>=11.0.0<11.0.2
VMware Workstation>=15.0.0<15.0.2
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
VMware ESXi=6.5-650-201703001
and 88 more
CVE-2020-3965
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an inf...
VMware Cloud Foundation>=3.0<3.10
VMware Cloud Foundation>=4.0.0<4.0.1
VMware Fusion>=11.0.0<11.5.2
VMware Workstation>=15.0.0<15.5.2
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
and 184 more
CVE-2020-3970
VMware Workstation Shader Bytecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
VMware Workstation
VMware Cloud Foundation>=3.0<3.10
VMware Cloud Foundation>=4.0.0<4.0.1
VMware Fusion>=11.0.0<11.5.5
VMware Workstation>=15.0.0<15.5.5
VMware ESXi=6.5
and 175 more
CVE-2020-3962
VMware Workstation SVGA DXInvalidateContext Use-After-Free Privilege Escalation Vulnerability
VMware Cloud Foundation>=3.0<3.10
VMware Cloud Foundation>=4.0.0<4.0.1
VMware Fusion>=11.0.0<11.5.5
VMware Workstation>=15.0.0<15.5.5
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
and 175 more
CVE-2020-3969
VMware Workstation SVGA3D Command Heap Overflow Privilege Escalation Vulnerability
VMware Workstation
VMware Cloud Foundation>=3.0<3.10
VMware Cloud Foundation>=4.0.0<4.0.1
VMware Fusion>=11.0.0<11.5.5
VMware Workstation>=15.0.0<15.5.5
VMware ESXi=6.5
and 175 more
CVE-2020-3958
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerabil...
VMware Fusion>=11.0.0<11.5.2
VMware Workstation>=15.0.0<15.5.2
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
VMware ESXi=6.5-650-201703001
VMware ESXi=6.5-650-201703002
and 180 more
CVE-2020-3959
VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in...
VMware Fusion>=11.0.0<11.1.0
VMware Workstation>=15.0.0<15.1.0
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
VMware ESXi=6.5-650-201703001
VMware ESXi=6.5-650-201703002
and 180 more
CVE-2020-3955
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluate...
VMware ESXi=6.5
VMware ESXi=6.5-2
VMware ESXi=6.5-650-201701001
VMware ESXi=6.5-650-201703001
VMware ESXi=6.5-650-201703002
VMware ESXi=6.5-650-201704001
and 173 more
CVE-2019-5544
VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
VMware Horizon DaaS>=8.0.0<9.0.0.0
VMware ESXi=6.0
VMware ESXi=6.0-1
VMware ESXi=6.0-1a
VMware ESXi=6.0-1b
VMware ESXi=6.0-2
and 257 more
CVE-2019-5536
VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the sha...
VMware Fusion>=11.0.0<11.5.0
VMware Workstation>=15.0.0<15.5.0
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
VMware ESXi=6.5-650-201703001
VMware ESXi=6.5-650-201703002
and 121 more
CVE-2019-5527
ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity r...
Vmware Horizon<5.2.0
Vmware Horizon<5.2.0
Vmware Horizon<5.2.0
Vmware Remote Console>=10.0.0<10.0.5
VMware Workstation>=10.0.0<10.0.5
VMware Workstation>=15.0.0<15.5.0
and 181 more
CVE-2019-5521
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6) and Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain a...
VMware Fusion>=10.0.0<10.1.6
VMware Fusion>=11.0.0<11.0.3
VMware Workstation>=14.0.0<14.1.6
VMware Workstation>=15.0.0<15.0.3
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
and 114 more
CVE-2019-5531
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b,...
VMware ESXi=6.7-670-201811001
VMware vSphere ESXi=6.7
VMware vSphere ESXi=6.7-update_1
VMware vSphere ESXi=6.5-a
VMware vSphere ESXi=6.5-u2
VMware vSphere ESXi=6.5
and 62 more
CVE-2019-5528
VMware ESXi 6.5 suffers from partial denial of service vulnerability in hostd process. Patch ESXi650-201907201-UG for this issue is available.
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
VMware ESXi=6.5-650-201703001
VMware ESXi=6.5-650-201703002
VMware ESXi=6.5-650-201704001
VMware ESXi=6.5-650-201707101
and 120 more
CVE-2019-5520
VMware Workstation Shader Bytecode Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
VMware Workstation
VMware Fusion>=10.0.0<10.1.6
VMware Fusion>=11.0.0<11.0.3
VMware Workstation>=14.0.0<14.1.6
VMware Workstation>=15.0.0<15.0.3
VMware ESXi=6.5
and 115 more
CVE-2019-5517
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) contain mult...
VMware Fusion>=10.0.0<10.1.6
VMware Fusion>=11.0.0<11.0.3
VMware Workstation>=14.0.0<14.1.6
VMware Workstation>=15.0.0<15.0.3
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
and 114 more
CVE-2019-5516
VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates addr...
VMware Fusion>=10.0.0<10.1.6
VMware Fusion>=11.0.0<11.0.3
VMware Workstation>=14.0.0<14.1.6
VMware Workstation>=15.0.0<15.0.3
VMware ESXi=6.5
VMware ESXi=6.5-650-201701001
and 114 more
CVE-2019-5519
(Pwn2Own) VMware Workstation UHCI Race Condition Privilege Escalation Vulnerability
VMware Workstation
VMware Fusion>=10.0.0<10.1.6
VMware Fusion>=11.0.0<11.0.3
VMware Workstation>=14.0.0<14.1.7
VMware Workstation>=15.0.0<15.0.4
VMware ESXi=6.0
and 70 more
CVE-2019-5518
(Pwn2Own) VMware Workstation UHCI Out-Of-Bounds Access Privilege Escalation Vulnerability
VMware Fusion>=10.0.0<10.1.6
VMware Fusion>=11.0.0<11.0.3
VMware Workstation>=14.0.0<14.1.7
VMware Workstation>=15.0.0<15.0.4
VMware ESXi=6.0
VMware ESXi=6.0-600-201811001
and 70 more
CVE-2018-6981
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, ...
VMware Workstation>=14.0.0<14.1.4
VMware Workstation=15.0.0
VMware Fusion>=10.0.0<10.1.4
VMware Fusion=11.0.0
Apple Mac OS X
VMware ESXi=6.0
and 164 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203